Project

General

Profile

Actions

Bug #819

closed

spawn-fcgi processes ignore user's other groups

Added by Anonymous over 18 years ago. Updated almost 16 years ago.

Status:
Fixed
Priority:
Normal
Target version:

Description

I have observed the following behaviour with spawn-fcgi...
http://lists.edgewall.com/archive/trac/2006-August/009484.html

It seems that spawn-fcgi processes are restricted to the user's default group (or the group specified with -g or both - not sure) but in any case, the user's other groups are totally ignored. In the above example, the trac user is a member or the subversion group but a permissiod denied error is received when trying to access the Subversion repository, despite the correct permissions being set.

I have a feeling this might be related to bug #78. By the look of the changeset, the change was only applied to server.c and not spawn-fcgi.c as well.

-- chewi

Actions #1

Updated by Anonymous over 18 years ago

Ah I see that change was added later. Something's still not right then.

Actions #2

Updated by Anonymous almost 18 years ago

I've been experiencing the same thing. From looking at the code, I'd say it should work. But it doesn't for me.

-- Matthijs Kooijman <m.kooijman

Actions #3

Updated by stbuehler over 16 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix

If you specify user and group it should work (initgroups need username and group id).

Actions #4

Updated by Anonymous over 16 years ago

So are you saying that it is correct that only the exact user and group you specify (and not any other groups that user may be in) should apply? That doesn't seem right to me. I have since found that you can work around the problem by starting spawn-fcgi via sudo instead since that does respect the user's other groups.

Actions #5

Updated by stbuehler about 16 years ago

  • Status changed from Fixed to Wontfix
Actions #6

Updated by stbuehler almost 16 years ago

  • Project changed from Lighttpd to spawn-fcgi
  • Category deleted (mod_fastcgi)
Actions #7

Updated by stbuehler almost 16 years ago

  • Target version set to 1.6.0
Actions #8

Updated by stbuehler almost 16 years ago

  • Status changed from Wontfix to Fixed

Fixed in r13 (uses default user group as group; if you choose a different group, the spawned process will probably not have its default group in the group list).

Actions

Also available in: Atom